How can we implement this scenario?
If we only block one user, we first deny all DML operations against the user and then grant EXECUTE permission to the user as follows:
DENY SELECT, INSERT, DELETE, UPDATE to User1
GRANT EXECUTE TO User1
If we want to apply this to any database users, we can use PUBLIC role as follows:
DENY SELECT, INSERT, DELETE, UPDATE to PUBLIC
GRANT EXECUTE TO PUBLIC